mod_security - PCRE limits exceeded

by 날으는물고기 2015. 11. 16.

On just about every request I am getting the following error:

Rule execution error - PCRE limits exceeded (-8): (null).

After a bunch of googling the only solutions seem to be

a) Add the following in your httpd.conf

SecPcreMatchLimit 150000
SecPcreMatchLimitRecursion 150000

b) Add the following to your php.ini

pcre.backtrack_limit = 10000000
pcre.recursion_limit = 10000000

c) Use a version that was compiled with the --disable-pcre-match-limit option.


I am running the following:

ModSecurity for Apache/2.5.12 (http://www.modsecurity.org/).

Apache/2.2.16 (Debian) PHP/5.3.3-7+squeeze8 with Suhosin-Patch mod_ssl/2.2.16 OpenSSL/0.9.8

For my ModSec rules, I am using the OWASP ModSecurity Core Rule Set Project (CRS) version 2.2.3, which is the newest as of this posting.

My httpd.conf consists of essentially:

<IfModule security2_module>
    SecUploadDir /var/asl/data/suspicious
    SecDataDir /var/asl/data/msa
    SecTmpDir /tmp
    SecAuditLogStorageDir /var/asl/data/audit

    Include modsecurity.d/modsecurity_crs_10_config.conf
    Include modsecurity.d/activated_rules/*.conf

    SecRuleEngine On

    # Debug log
    SecDebugLog /var/log/apache2/modsec_debug.log
    SecDebugLogLevel 3

    # Serial audit log
    SecAuditEngine RelevantOnly
    SecAuditLogRelevantStatus ^5
    SecAuditLogParts ABIFHZ
    SecAuditLogType Serial
    SecAuditLog /var/log/apache2/modsec_audit.log

    SecPcreMatchLimit 150000
    SecPcreMatchLimitRecursion 150000

</IfModule>


<IfModule mod_php5.c>
    php_admin_flag pcre.backtrack_limit 10000000
    php_admin_flag pcre.recursion_limit 10000000
</IfModule>

Inside my modsecurity.d directory are just all the default rules CRS has in their install file. I have also set the pcre limits to 150000000 and 100000000000 and more, but to no avail.

So in conclusion:

Solutions a and b are not working, and I would greatly prefer not to do c, as I don't really understand/like compiling.

Anyone have any other ideas?



Source: http://serverfault.com/questions/
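
A triage sketch for the error quoted in the question, added here as an example (it is not part of the original post and is not ModSecurity code): it groups "PCRE limits exceeded" lines by rule id and decodes the number in parentheses, which is the PCRE return code (-8 is PCRE_ERROR_MATCHLIMIT, -21 is PCRE_ERROR_RECURSIONLIMIT). The log lines, rule ids and file path are constructed samples, and the `[id "..."]` layout is an assumption about how the rule is identified in the log.

```python
import re
from collections import Counter

# PCRE 8.x return codes; the number in parentheses in the message is one of
# these. Each maps to the ModSecurity directive that sets the limit it reports.
PCRE_CODES = {
    -8: ("PCRE_ERROR_MATCHLIMIT", "SecPcreMatchLimit"),
    -21: ("PCRE_ERROR_RECURSIONLIMIT", "SecPcreMatchLimitRecursion"),
}

LIMIT_RE = re.compile(r"PCRE limits exceeded \((-?\d+)\)")
RULE_ID_RE = re.compile(r'\[id "(\d+)"\]')  # assumed rule-id layout


def summarize(lines):
    """Count PCRE-limit errors per (rule id, PCRE error code)."""
    hits = Counter()
    for line in lines:
        limit = LIMIT_RE.search(line)
        if not limit:
            continue  # unrelated log line
        rule = RULE_ID_RE.search(line)
        rule_id = rule.group(1) if rule else "unknown"
        hits[(rule_id, int(limit.group(1)))] += 1
    return hits


def report(hits):
    """Render one line per rule/code pair, most frequent first."""
    rows = []
    for (rule_id, code), count in hits.most_common():
        name, directive = PCRE_CODES.get(code, ("unrecognized code", "n/a"))
        rows.append(f"rule {rule_id}: {count}x {name} ({code}), limit set by {directive}")
    return rows


# Constructed sample lines: ids, hex handles and the file path are made up.
SAMPLE = [
    'Message: Rule 7f00aa10 [id "1001"][file "/etc/apache2/modsecurity.d/activated_rules/example.conf"][line "12"] - Execution error - PCRE limits exceeded (-8): (null).',
    'Message: Rule 7f00aa10 [id "1001"][file "/etc/apache2/modsecurity.d/activated_rules/example.conf"][line "12"] - Execution error - PCRE limits exceeded (-8): (null).',
    "Rule execution error - PCRE limits exceeded (-8): (null).",
    'Message: Rule 7f00bb20 [id "1002"][file "/etc/apache2/modsecurity.d/activated_rules/example.conf"][line "40"] - Execution error - PCRE limits exceeded (-21): (null).',
    "Message: Warning. Pattern match at ARGS:q. (unrelated constructed line)",
]

if __name__ == "__main__":
    for row in report(summarize(SAMPLE)):
        print(row)
```

A rule that keeps hitting -8 even with a very large limit is worth inspecting for a backtracking-heavy pattern rather than raising the limit again.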
